So I have been reading the VMware security hardening guide(http://blogs.vmware.com/security/2008/07/update-to-vi3-s.html) and I came across several interesting notes. This one caught my eye:
"Virtual machines can write troubleshooting information to a virtual machine log file (vmware.log) stored on the VMware VMFS volume used to store other files for the virtual machine. Virtual machine users and processes can be configured to abuse the logging function, either intentionally or inadvertently, so that large amounts of data flood the log file. Over time, the log file can consume so much of the ESX/ESXi host’s file system space that it fills the hard disk, causing an effective denial of service as the datastore can no longer accept new writes."
So, I decided to write some code that would do just that. There are many many ways to achieve this, one of them being a script that invokes the xferlog program that comes with VMware tools. This method also caused about 50% of the cpu resources to be consumed on the host. It was necessary to throttle my script back a little though or else it sets off an alarm on the host and stops the logging process. But, with the throttled script I can fill about .5Mb/min of disk space.
Attack mitigation:
Use the following VM settings:
log.rotateSize 100000
log.keepOld 10
or
Isolation.tools.log.disable true
Tuesday, August 12, 2008
Program Debugging
So I have been doing a lot of research on VMware lately and to understand how a VM communicates with the host I started refreshing myself on assembly code. Here is an excellent tutorial http://www.xs4all.nl/~smit/asm01001.htm Next I started to learn how Ollydbg works and I needed some practice applications. http://hackquest.de/ is a "wargame" that has many challenges including a "cracking" section. I downloaded their cracking apps and used them as practice to learn Ollydbg. Ollydbg is a powerful reverse engineering tool so, I will leave the rest of the learning process up to you.
Subscribe to:
Posts (Atom)